Summary: Efficient Fuzzing via Shapley-Guided Byte Selection (arxiv.org)
15,211 words - PDF document
One Line
SHAPFUZZ is a fuzzer that improves fuzzing in software programs by employing Shapley-Guided Byte Selection.
Key Points
- Mutation-based fuzzing is an effective method for discovering bugs in software programs.
- Shapley analysis is used to understand the effect of byte positions on fuzzing.
- ShapFuzz is a fuzzer that uses Shapley values to guide the byte selection process, resulting in improved edge coverage and bug discovery.
- The Shapley-Guided Byte Selection method efficiently fuzzes programs and discovers new code by calculating the Shapley values of bytes.
- SHAPFUZZ aims to efficiently generate new inputs for program testing by maintaining the same length after mutation.
- SHAPFUZZ performs well in terms of code coverage and bug discovery compared to other fuzzers.
- Several research papers on efficient fuzzing techniques are referenced in the text, including STEELIX, UNIFUZZ, and PATA.
Summaries
17 word summary
This paper introduces SHAPFUZZ, a fuzzer that uses Shapley-Guided Byte Selection to enhance fuzzing in software programs.
36 word summary
This paper discusses the use of Shapley-Guided Byte Selection for efficient fuzzing in software programs. The authors propose a fuzzer called SHAPFUZZ that utilizes Shapley values to guide the byte selection process, resulting in improved edge
607 word summary
Mutation-based fuzzing is an effective method for discovering bugs in software programs, but few studies have focused on quantifying the importance of input bytes. In this paper, the authors conduct Shapley analysis to understand the effect of byte positions on fuzzing
We propose SHAPFUZZ, a fuzzer that uses Shapley values to guide the byte selection process, resulting in improved edge coverage and bug discovery compared to other state-of-the-art fuzzers. We implement SHAPFU
The Shapley-Guided Byte Selection method was used to efficiently fuzz programs and discover new code. The Shapley values of bytes were calculated by determining the number of new edges discovered by each combination of bytes. To obtain accurate Shapley
The document discusses a method called Shapley-Guided Byte Selection for efficient fuzzing. It introduces the concept of the Shapley value in game theory, which calculates the importance of a player in a coalition. The authors propose using Shap
The use of self-new edges provides more information about the relations between input bytes and path constraints, improving the efficiency of fuzzing. Shapley values are calculated for each byte to determine their importance in code discovery. Seeds that do not change length and
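The following is an added example, not code from the paper or from the SHAPFUZZ implementation, that works through the byte-level Shapley computation described above: the characteristic function counts the new edges a set of mutated bytes reaches, the exact Shapley value of each byte position is computed from it, and only bytes with positive values are selected for a length-preserving mutation. The 4-byte toy target and its path constraints are constructed here for illustration.

```python
from itertools import combinations
from math import factorial
import random

# Constructed toy target (not from the paper): a 4-byte input whose control
# flow depends on byte 0 alone and on bytes 1 and 2 jointly; byte 3 is padding.
SEED = bytes([0x00, 0x00, 0x00, 0x00])

def new_edges(mutated_positions):
    """Characteristic function v(S): number of new edges reached when the
    bytes in S are mutated together (constructed model, not real coverage)."""
    s = set(mutated_positions)
    edges = 0
    if 0 in s:              # a one-byte constraint, e.g. a magic byte
        edges += 1
    if {1, 2} <= s:         # a two-byte constraint satisfied only jointly
        edges += 2
    return edges

def shapley_values(n, v):
    """Exact Shapley value of each byte position under coverage function v:
    phi_i = sum over S not containing i of |S|!(n-|S|-1)!/n! * (v(S+i) - v(S))."""
    phi = [0.0] * n
    for i in range(n):
        others = [j for j in range(n) if j != i]
        for k in range(len(others) + 1):
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for subset in combinations(others, k):
                phi[i] += weight * (v(subset + (i,)) - v(subset))
    return phi

def select_bytes(phi):
    """Shapley-guided byte selection: keep only positions that contribute
    to new coverage, most influential first."""
    ranked = sorted(range(len(phi)), key=lambda i: phi[i], reverse=True)
    return [i for i in ranked if phi[i] > 1e-12]

def mutate_same_length(seed, positions, rng_seed=0):
    """Mutate the selected positions only, keeping the input length fixed so
    the Shapley values computed for this length stay meaningful."""
    rng = random.Random(rng_seed)
    out = bytearray(seed)
    for i in positions:
        out[i] = (out[i] + rng.randrange(1, 256)) & 0xFF  # never a no-op
    return bytes(out)

if __name__ == "__main__":
    phi = shapley_values(len(SEED), new_edges)
    print("Shapley values per byte:", phi)   # bytes 0-2 share the credit, byte 3 gets none
    chosen = select_bytes(phi)
    print("bytes to mutate:", chosen)        # padding byte 3 is excluded
    print("mutant:", mutate_same_length(SEED, chosen).hex())
```

Bytes 1 and 2 receive equal credit even though neither opens an edge alone, which is the property that makes Shapley values more informative than single-byte flipping for multi-byte path constraints.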
SHAPFUZZ is a fuzzing technique that aims to efficiently generate new inputs for program testing. It focuses on building families of inputs that maintain the same length after mutation. When new code is discovered, mutators that change the length of
SHAPFUZZ is an efficient fuzzing technique that utilizes Shapley analysis and byte selection to improve the effectiveness of fuzzing. It starts by finding ten center seeds with diverse paths. The cosine similarity between a seed and the center seeds
We randomly mutate identified control flow-related bytes in a file. Seeds A and B with the same length and genetic relationship may have different meanings for byte j, which follows byte i. Sharing the Shapley value of byte j among these seeds would result
Efficient Fuzzing via Shapley-Guided Byte Selection compares the performance of different fuzzers on various programs. ShapFuzz consistently requires less time to analyze programs compared to other fuzzers, taking less than 1000 seconds to
The analysis compares the performance of different fuzzers in terms of analysis time, edge coverage, and bug discovery. It is found that as the length of the seed decreases, the analysis time decreases for all fuzzers. SHAPFUZZ shows the most
The performance of SHAPFUZZ may be limited due to its exploitation capability. When evaluating the efficiency of edge discovery, SHAPFUZZ achieves better code coverage than other fuzzers. In bug discovery tests, SHAPFUZZ triggers the most unique
MAGMA integrates SHAPFUZZ into its benchmarks and compares it to five other mutation-based fuzzers. SHAPFUZZ successfully discovers several previously unknown bugs in the latest versions of programs. It performs the best on seven out of
This paper introduces a novel fuzzer called SHAPFUZZ, which aims to increase code coverage and bug discovery through efficient byte mutation. The fuzzer utilizes Shapley analysis to identify bytes with high Shapley values, which are the most influential
Several research papers on efficient fuzzing techniques are referenced in this excerpt. These papers include "Program-adaptive Mutational Fuzzing" by Brumley, "Efficient Fuzzing by Principled Search" by Chen and Chen, "F
Tiu et al. developed a program-state based binary fuzzing technique called STEELIX. Li et al. introduced UNIFUZZ, a metrics-driven platform for evaluating fuzzers. Liang et al. presented PATA, a fuzzing
This summary provides a list of references to related research papers on the topic of efficient fuzzing. The papers mentioned include "NEUZZ: Efficient Fuzzing with Neural Program Smoothing," "DRILLER: Augmenting Fuzzing Through